We continue to notice email phishing scams coming to our clients so we wanted to provide some information to everyone about what to watch out for.
Most phishing scams will ask you to verify your private information or login account information by filling out a form in a link or an attachment in the email. The email will try and scare you into thinking your account has been compromised or that you may lose access to your account if you do not respond. The email will attempt to look like its from a company you have done business with like a bank or email hosting company.
Be aware that we would never send out an email to our clients asking for this type of information. Neither would any other legitimate company. Also, the email will usually be just generic enough to try and look like its legitimate but if you look closely there are major clues that it is not from us.
Here is an example of a recent phishing email sent to one of our clients:
From: C 2011 e-mail Support Team. [mailto:firstname.lastname@example.org]
Sent: Wednesday, October 05, 2011 12:00 AM
Subject: Web-email Account VerificationR
Dear e-mail User
Due to concerns for the safety and integrity of our web base e-mail service...we have issued this warning message. We have noticed that your e-mail account needs to be verified/confirmed, as we are upgrading our SSL web base e-mail account database.
To verify your e-mail account, please download the attachment below to verify your e-mail Account:
For further information, please contact our Customer Services.
Note: Failure to Verify/Confirm email account within 48hrs may lost his or her email account.
C 2011 e-mail Support Team.
Double check the email address that the message was sent from, if its not from a unions-america.com, unionactive.com, or profirefighter.com address then its definitely not from us. But be aware that its very easy to fake the from email address in any email sent to you.
Look at the end of the email, where its signed at the bottom. Usually it will be something very generic like "The Webmail Support Team". This is another clue that its not legitimate.
Most importantly, DO NOT open any attachment or link in any email that you are not 100% sure is legitimate. And do not reply to the message either, doing so lets the scammer know that your email address is real and that you might fall for their scam.
When in doubt, feel free to forward the email to our support staff and we can let you know right away if its fake.
Here are some links for further information on protecting yourself from phishing scams:
Report phishing scams to US-CERT team
Microsoft Safety & Security Center phishing & scam info
Trend Micro's latest spam & vulnerability alerts